package cn.wolfcode.realm;


import cn.wolfcode.domain.Employee;
import cn.wolfcode.domain.Permission;
import cn.wolfcode.domain.Role;
import cn.wolfcode.mapper.PermissionMapper;
import cn.wolfcode.mapper.RoleMapper;
import cn.wolfcode.service.IEmployeeService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
@Component
public class CRMRealm extends AuthorizingRealm {
    @Autowired
    private IEmployeeService employeeService;
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private PermissionMapper permissionMapper;
    @Autowired
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        super.setCredentialsMatcher(credentialsMatcher);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //获取当前登录用户信息
        Employee employee = (Employee)SecurityUtils.getSubject().getPrincipal();
        //判断是否是超级管理员
        if (employee.isAdmin()){
            info.addRole("ADMIN");//加入admin角色
            info.addStringPermission("*:*");//所有权限
        }else{
            //根据用户的id查询拥有的角色编码
            List<Role> roles = roleMapper.selectByEmpId(employee.getId());
            List<String> roleSn = new ArrayList<>();
            for (Role s : roles) {
                roleSn.add(s.getSn());
            }
            info.addRoles(roleSn);
            //根据用户的id查询拥有的权限表达式
            List<String> strings = permissionMapper.selectByEmpID(employee.getId());
            info.addStringPermissions(strings);
        }

        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //认证相关
        //获取认证信息;
        String username = (String) token.getPrincipal();
        Employee employee = employeeService.selectByName(username);
            if(employee!=null){
                //如果账号正确,返回一个账号密码正确的AuthenticationInfo对象
                return new SimpleAuthenticationInfo(//账号,密码,当前的Realm名称
                        employee,
                        employee.getPassword(),
                        ByteSource.Util.bytes(username),
                        this.getName()
                );
            }
        return null;
    }
}

